Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 TROJAN:NGRBOT-ACTIVITY

Severity

 Critical

Recommended

 Yes

Recommended Action

 Drop

Category

 TROJAN

Keywords

 nrgBot Trojan C&C

Release Date

 2014/07/14

Update Number

 2398

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TROJAN: ngrBot IRC Command and Control Activity


This signature detects the IRC Command and Control activity of the ngrBot, a malicious trojan. Users infected by this trojan can have their web traffic redirected and intercepted, which could lead to an exposure of sensitive data, like banking information. This trojan also has the ability to erase the boot sector of the hard drive, resulting in an unusable system. The source IP is infected and should be removed from the network for forensic analysis and malware removal.

References

  • URL: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Ngrbot-I.aspx

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out